LMS 3.0 Syslog Forward

Unanswered Question
Apr 23rd, 2008
User Badges:

Hi All,


I have been reading previous post about forwarding syslog to another host. But I have a situation where I need to forward syslog messages to another port on the SAME host as the LMS server.


I can see it being done 1 of 2 ways, first change the LMS syslog port to be 5140 and get the 3rd party syslog app to forward to 5140.


Second is to leave LMS syslog port unchanges and forward it's messages to port 5140.


I have not been able to find any infor on being able to change the default port that syslog listens on for LMS.


Any help would be appreciated..


Thanks in advanc


Jason

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Wed, 04/23/2008 - 18:18
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This depends on the operating system.

Joe Clarke Wed, 04/23/2008 - 20:08
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Edit the registry, and change the key HKLM\SYSTEM\CurrentControlSet\Services\crmlog\Parameters\CrmLogPort. The default is udp/514. After changing this value, restart the CiscoWorks Syslog service.


Note: whatever is forwarding the syslog messages to this port cannot modify the messages in any way, or the syslog parser will not be able to recognize which device sent the messages.

jasonharmer Wed, 04/23/2008 - 21:07
User Badges:

Thanks, that has changed the port number but when the message is forwarded ithe source addrress is being changed..


Is there a way to get LMS to forward the system message??

Joe Clarke Wed, 04/23/2008 - 22:28
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You'd have to write an automated action script or program to do the forwarding. You may have seen a Perl script I posted to this forum to forward messages to a different host. The same script would work to forward messages to a different port on the same host, but you would have to edit C:\WINDOWS\system32\drivers\etc\services, and change the syslog service from udp/514 to your new UDP port.

Actions

This Discussion